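$dms, 'user'=>$user));

/*
 * Role management operation handler (addrole / removerole / editrole).
 *
 * Relies on $dms, $user, $settings, $session and $controller being set up by
 * the including script; the statement fragment above is the tail of that
 * setup and is left untouched.
 *
 * Order of checks: controller access -> known action -> form key (CSRF token)
 * -> role id validation for actions on an existing role. Any failure ends the
 * request through UI::exitError(); success records a splash message, writes
 * a log line and redirects to the role manager page.
 */
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
if (!$accessop->check_controller_access($controller, $_POST)) {
    UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}

$action = isset($_POST["action"]) ? $_POST["action"] : null;
// Strict comparison: the action must be exactly one of the supported strings,
// and it is validated before checkFormKey() because the form key is bound to
// the action name.
if (!in_array($action, array('addrole', 'removerole', 'editrole'), true)) {
    UI::exitError(getMLText("admin_tools"),getMLText("unknown_command"));
}

/* Check if the form data comes for a trusted request */
if (!checkFormKey($action)) {
    UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}

// Actions on an existing role need a positive numeric id. After validation the
// id is canonicalised to an int so that getRole(), the log line and the final
// redirect URL never receive the raw request string.
$roleid = 0;
if (in_array($action, array('removerole', 'editrole'), true)) {
    $roleid = isset($_POST["roleid"]) ? $_POST["roleid"] : null;
    if (!is_numeric($roleid) || intval($roleid) < 1) {
        UI::exitError(getMLText("admin_tools"),getMLText("invalid_role_id"));
    }
    $roleid = intval($roleid);
    $roleobj = $dms->getRole($roleid);
    if (!is_object($roleobj)) {
        UI::exitError(getMLText("admin_tools"),getMLText("invalid_role_id"));
    }
    $controller->setParam('roleobj', $roleobj);
}

// add new role ---------------------------------------------------------
if ($action === "addrole") {
    // Missing fields default to '' instead of triggering undefined-index
    // notices (and a null argument to preg_replace()).
    $name = isset($_POST["name"]) ? $_POST["name"] : '';
    // The role type may only consist of the digits 0-2; everything else is stripped.
    $role = preg_replace('/[^0-2]+/', '', isset($_POST["role"]) ? $_POST["role"] : '');

    if (is_object($dms->getRoleByName($name))) {
        UI::exitError(getMLText("admin_tools"),getMLText("role_exists"));
    }
    if ($role === '') {
        UI::exitError(getMLText("admin_tools"),getMLText("missing_role_type"));
    }

    $controller->setParam('name', $name);
    $controller->setParam('role', $role);
    $newRole = $controller($_POST);
    if (!$newRole) {
        UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
    }

    $roleid = $newRole->getID();
    $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_add_role')));
    add_log_line(".php&action=".$action."&name=".$name);
}
// delete role ------------------------------------------------------------
else if ($action === "removerole") {
    if (!$controller($_POST)) {
        UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
    }
    add_log_line(".php&action=".$action."&roleid=".$roleid);
    $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_rm_role')));
    // -1 tells the role manager page that the selected role no longer exists.
    $roleid = -1;
}
// modify role ------------------------------------------------------------
else if ($action === "editrole") {
    $name = isset($_POST["name"]) ? $_POST["name"] : '';
    $role = preg_replace('/[^0-2]+/', '', isset($_POST["role"]) ? $_POST["role"] : '');
    $noaccess = isset($_POST['noaccess']) ? $_POST['noaccess'] : null;

    $controller->setParam('name', $name);
    $controller->setParam('role', $role);
    $controller->setParam('noaccess', $noaccess);
    if (!$controller($_POST)) {
        UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
    }

    $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_edit_role')));
    add_log_line(".php&action=".$action."&roleid=".$roleid);
}

// $roleid is either 0 (never set), a validated int, the id of the newly
// created role, or -1 after a deletion.
header("Location:../out/out.RoleMgr.php?roleid=".$roleid);
?>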